GitHub Authentication
Thanks for using Sponsor Connect. So what's up with those scrary permissions that Sponsor Connect is asking for from GitHub? What are they, why do we need them, and how do we use them?
For starters, at the moment we ask for the following three scopes when authenticating you with GitHub:
- user
- repo
- read:org
User Scope
The user scope is the most basic scope there is. This is what allows us to see public information about you such as your login name.
Repo Scope
This application will be able to read and write all public and private repository data.
This is probably the most scary one for a lot of people because this scope gives us access to Public and Private repos on your account. If you're reading this, honestly this is probably the scope that you want to know the most about. So why does Sponsor Connect require the repo scope?
Certain features of Sponsor Connect planned for release for Dan's GitHub sponsors at the $25/month and up levels require this permission. Ok but what "Features" are we talking about? There are two actually in the works. The first will be a training platform that will allow you to learn more about Prism and app development. This training platform works by creating a repo on your account and populating it with Issues that you'll work through. Since we're both creating a repo and issues, this requires us to have a repo scope on your token. The second feature coming later will introduce a Project Quickstart. It's still too early to say just how far this will go but needless to say you'll be able to create a new project from Sponsor Connect which will have similar functionality to the old Visual Studio for Mac extension. This will include creating a private repo on your account and pushing the created project to your newly created repo.
We know those are pretty cool features... but it says something scary like you're going to do something with my private repos. Nope we're really not... We're too busy building tools and libraries to make your life easier. Sponsor Connect will only ever use the scope on your behalf when you have asked us to do something for you with one of the two features we just told you about.
Read:Org Scope
This application will be able to read your organization, team membership, and private project boards.
Seriously what the heck is this about??? Why do we want to know about your organizations? Short answer is we don't... we think it's just as stupid as you do. However these scopes are an all upfront sort of thing we can't pick and choose before you log in, and this scope is required for those awesome developers you're sponsoring to be able to initiate a manual sync with GitHub. It seriously makes ZERO sense to us too, but nothing we can really do about it.